Cyber security pitfalls to watch out for in 2016

Easy availability of mobile hacking kits on Tor, a flurry of new banking and FinTech entrants, and the race to launch applications quickly would create the perfect storm for security practitioners.


By Vaibhav Khandelwal
Executives from every large technology corporation are making a beeline to be part of the government’s growth agenda and enable India leapfrog from the Industrial age to Information Age. Consumer durable companies and brands want to reap long term dividends by building loyalty among the world’s single largest millennial population. Central to the growth strategy of consumer facing businesses, startups and Venture Capital funding new industries is a little 3x5 inch real estate constituting Indium tin Oxide, Glass & Rare Earth metals – the mobile phone. After all, India is the hottest smartphone market.

With the growth of mobile phones, especially Android devices, we foresee a spate of new threat vectors targeting mobile devices. Easy availability of mobile hacking kits on Tor, a flurry of new banking and FinTech entrants, and the race to launch applications quickly would create the perfect storm for security practitioners.

Here are some of our top security trends on 2016.

Increased Mobile Malware: We will see mobile malware targeting banking applications to steal SMS or your one time passwords. The first wave would be known financial malware targeting Android platform and rooted devices. Meet SPITMO - an acronym for Spy Eye in the Mobile – this Trojan malware gets installed onto your phone if you download a rogue or cloned app on your Android device. SPITMO can read your SMS messages and forward them to a command center, without you suspecting anything.

Ransomware: Have you ever felt debilitated when your phone battery drains out and you are not able to use your device? Well, consider this – you have your phone in your hand, it is fully charged, but you are unable to access it because you are held at ransom by a cyber-criminal! Ransomware, as the name suggests are targeted attacks through your social media or email account where you are duped into downloading a file you would otherwise not have. The file contains custom code to take access of all your phone data and lock the device with a new password. The cyber-criminal asks for a ransom, to be paid via prepaid card or funds transfer in return of the ransomware password to unlock your phone.

Targeted attacks: We foresee specific targeted attacks against large public sector organizations and fraudsters targeting more technology organizations, healthcare companies and banks. The cost of a data breach will continue to rise in India and cyber-security may increasingly become a Board Room concern in India as well.

iOS breached: A big reason to remain an Apple fan is the security the iOS platform brings to all applications. If you are a developer then you know the stringent quality and security standards Apple subjects you to before making your application available on the iOS App store. Well, it seems the high walls of iOS security can be breached. The 2014 celebrity photo leak showed that iCloud was vulnerable to brute force attacks, i.e. there was no limit to the number of password attempts a human or bot could make. In 2016 new iOS vulnerabilities will continue to emerge. A significant vulnerability was detected this year when Apple devices could be infected while charging them connected to public computers or unknown computers.

Unsecure Wi-fi and Man in Middle Attack: You are at a public space and connect your device to the first open and free Wifi connection. If the Wifi Router settings are not appropriately set, it is easy for a third party to read all your communication data while you are on that connection. This would mean that your username and password are vulnerable during that session. Make sure you avoid doing online banking or quick online shopping on these public and Wifi that is not secure.

Credential theft and phishing through social engineering: Are you always eager to accept a LinkedIn or Facebook invite from strangers? Social engineering has gone mainstream as a way to spoof you into revealing your credentials. We foresee a large number of unsuspecting users fall prey to likable friend and network requests. Links shared via social media have a far higher likelihood to be clicked or downloaded and at risk are your credentials and data.

Newton's third law sums it up: 'every action has an equal and opposite reaction', while technology is the 'action', cyber threats are the 'reaction'. As technology advances, the threats that loom around it will also evolve simultaneously. Stay safe, stay protected!

The author is Trusteer Leader, IBM.

Find our entire collection of stories, in-depth analysis, live updates, videos & more on Chandrayaan 2 Moon Mission on our dedicated #Chandrayaan2TheMoon domain.